QUESTION 311 You have 30 servers that run Windows Server 2012 R2. All of the servers are backed up daily by using Windows Azure Online Backup. You need to perform an immediate backup of all the servers to Windows Azure Online Backup. Which Windows PowerShell cmdlets should you run on each server?

QUESTION 312 You have 20 servers that run Windows Server 2012 R2. You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)

QUESTION 313 Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1. The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.) The domain contains two global groups named Group1 and Group2. You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Answer: AD Explanation: * Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 enhanced Windows security descriptors by introducing a conditional access permission entry. Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows or denies access based on results of the evaluation. Securing access to resources through claims is known as claims-based access control. Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise environment. http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccess-control-en-us.aspx

QUESTION 314 Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. The File Server Resource Manager role service is installed on Server1. All servers run Windows Server 2012 R2. A Group Policy object (GPO) named GPO1 is linked to the organizational unit (OU) that contains Server1. The following graphic shows the configured settings in GPO1. Server1 contains a folder named Folder1. Folder1 is shared as Share1. You attempt to configure access-denied assistance on Server1, but the Enable accessdenied assistance option cannot be selected from File Server Resource Manager. You need to ensure that you can configure access- denied assistance on Server1 manually by using File Server Resource Manager. What should you do?

A. Set the Customize message for Access Denied errors policy setting to Enabled for GPO1. B. Set the Enable access-denied assistance on client for all file types policy setting to Enabled for GPO1. C. Set the Customize message for Access Denied errors policy setting to Not Configured for GPO1. D. Set the Enable access-denied assistance on client for all file types policy setting to Disabled for GPO1.

QUESTION 315 You have a server named FS1 that runs Windows Server 2012 R2. You install the File and Storage Services server role on FS1. From Windows Explorer, you view the properties of a shared folder named Share1 and you discover that the Classification tab is missing. You need to ensure that you can assign classifications to Share1 from Windows Explorer manually. What should you do?

QUESTION 316 Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table. You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

A. Server1 B. Server2 C. Server3 D. Server4

Answer: D Explanation: IPAM can not be installed on a Domain Controller.

QUESTION 317 Your company deploys a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. The forest contains a domain controller named DC10. On DC10; the disk that contains the SYSVOL folder fails. You replace the failed disk. You stop the Distributed File System (DFS) Replication service. You restore the SYSVOL folder. You need to perform a non-authoritative synchronization of SYSVOL on DC10. Which tool should you use before you start the DFS Replication service on DC10?

QUESTION 318 Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2. You need to create a custom Active Directory Application partition. Which tool should you use?

A. Netdom B. Ntdsutil C. Dsmod D. Dsamain

Answer: B Explanation: * To create or delete an application directory partition Open Command Prompt. Type:ntdsutil At the ntdsutil command prompt, type:domain management At the domain management command prompt, type:connection At the server connections command prompt, type:connect to server ServerName At the server connections command prompt, type:quit At the domain management command prompt, do one of the following: * partition management Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS). This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. / partition management create nc %s1 %s2 Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify “NULL” for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3. Note: * An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition.

QUESTION 319 Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You create an Active Directory snapshot of DC1 each day. You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?

Answer: B Explanation: Mounting an Active Directory snapshot Before connecting to the snapshot we need to mount it. By looking at the results of the List All command in step #8 above, identify the snapshot that you wish to mount, and note the number next to it. In order to mount an Active Directory snapshot follow these steps: Log on as a member of the Domain Admins group to one of your Windows Server 2008 Domain Controllers. Open a Command Prompt window by clicking on the CMD shortcut in the Start menu, or by typing CMD and pressing Enter in the Run or Quick Search parts of the Start menu. Note: You must run NTDSUTIL from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator. In the CMD window, type the following command: ntdsutil In the CMD window, type the following command: snapshot To view all available snapshots, in the CMD window, type the following command: list all The result should look like this: snapshot: List All 1: 2008/10/25:03:14 {ec53ad62-8312-426f-8ad4-d47768351c9a} 2: C: {15c6f880-cc5c-483b-86cf-8dc2d3449348} In this example we only have one snapshot available, one from 2008/10/25 at 03:14AM (yes, I write articles at this time…). We’ll mount this one. In the CMD window, type the following command: mount 2 The result should look like this: snapshot: mount 2 Snapshot {15c6f880-cc5c-483b-86cf-8dc2d3449348} mounted as C:’$SNAP_200810250314_VOLUMEC$’ Next, you can leave the NTDSUTIL running, or you can quit by typing quit 2 times. Note: Like the above command, the mounting process can also be run in one line. However, note that NTDSUTIL requires that the “list all” command be run in the same session that you mount the snapshot. So in order to mount the snapshot with a one-liner, you will need to run “list all” first. ntdsutil snapshot “list all” “mount 2” quit quit Note: You do not need to quit from the NTDSUTIL command, you can keep it open assuming that you’ll probably want to unmount the snapshot right after working with it.

QUESTION 320 You have a server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 to create an entry in an event log when the processor usage exceeds 60 percent. Which type of data collector should you create?